ExtremeSwitching (EXOS)

Expand all | Collapse all

May I connect with SSH2 or telnet to the decicated MGMT-port (VR-Mgmt VLAN)?

  • 1.  May I connect with SSH2 or telnet to the decicated MGMT-port (VR-Mgmt VLAN)?

    Posted 01-16-2017 13:08
    Hello, team!

    I've configured IPs for MGMT-ports of all my Exteme switches and connected them to dedicated 2960. Ping works fine but I am unable to connect to the switches with SSH or telnet.

    Is it possible?

    Thanks!


  • 2.  RE: May I connect with SSH2 or telnet to the decicated MGMT-port (VR-Mgmt VLAN)?

    Posted 01-16-2017 13:16
    Hi Ilya,

    I assume that you have enabled ssh/telnet and there is no access-list applied on the telnet application?



  • 3.  RE: May I connect with SSH2 or telnet to the decicated MGMT-port (VR-Mgmt VLAN)?

    Posted 01-16-2017 13:16
    Hello, Ron!

    Thanks for your reply. I am not sure about the telnet, but ssh was enabled. How can I check whether there are any access-lists applied to "telnet application"? It sound a bit strange for me...


  • 4.  RE: May I connect with SSH2 or telnet to the decicated MGMT-port (VR-Mgmt VLAN)?

    Posted 01-16-2017 13:16
    Hi, you can check that through the "show management" command already requested by Ronald.


  • 5.  RE: May I connect with SSH2 or telnet to the decicated MGMT-port (VR-Mgmt VLAN)?

    Posted 01-16-2017 13:24
    Is the ping source and the switch mgmt IP in the same subnet - please post the CLI output for "show management".



  • 6.  RE: May I connect with SSH2 or telnet to the decicated MGMT-port (VR-Mgmt VLAN)?

    Posted 01-16-2017 13:24
    Hi,Ronald!

    I will post the output in several hours, thank you...


  • 7.  RE: May I connect with SSH2 or telnet to the decicated MGMT-port (VR-Mgmt VLAN)?

    Posted 01-16-2017 13:24
    Hello, Ron!

    Here it is - "show management" output. How can I check what is "mgt" access-profile?



    Many thanks to you!


  • 8.  RE: May I connect with SSH2 or telnet to the decicated MGMT-port (VR-Mgmt VLAN)?

    Posted 01-16-2017 13:24
    Hi Ilya,

    So there is a policy file called mgt.pol. That probably prevent you of logging in.
    With "vi mgt.pol" you can see the content.
    with "configure telnet access-profile none" you can remove the access profile.




  • 9.  RE: May I connect with SSH2 or telnet to the decicated MGMT-port (VR-Mgmt VLAN)?

    Posted 01-16-2017 13:24
    Ilya,

    As Ron pointed out to remove the access profile configured for telnet. In the similiar way, remove the access profile configured for SSH

    "configure ssh2 access-profile none".




  • 10.  RE: May I connect with SSH2 or telnet to the decicated MGMT-port (VR-Mgmt VLAN)?

    Posted 01-17-2017 08:46
    Thank you very much, gentlemen!

    I've added required prefixes to access-profile file and not it works.


  • 11.  RE: May I connect with SSH2 or telnet to the decicated MGMT-port (VR-Mgmt VLAN)?

    Posted 01-17-2017 11:37


  • 12.  RE: May I connect with SSH2 or telnet to the decicated MGMT-port (VR-Mgmt VLAN)?

    Posted 01-17-2017 11:37
    Hello Henrique,

    Does the same reference applies for telnet as well as SSH?
    Is "Controlssh" refer to a name or has a function!?

    Thanks
    Yusuf